[英]How to enable CORS in Dynamics CRM?
Please note that the question is specifically intended for Dynamics CRM. 请注意,该问题专门针对Dynamics CRM。 I'm hoping for a proprietary functionality that extends or replaces the common web development.
我希望有一种专有功能可以扩展或替换常见的Web开发。 Hence, this question isn't a duplicate, although it might seem so once one sees "CORS" and this "yet another duck asking about CORS..." (typo intended).
因此,这个问题不是重复的,尽管一旦人们看到“ CORS”和“又有一只鸭子在问CORS ...”(通常是打字错误),看起来就好像是这样。
I'm trying to make a call to an outside word from CRM and, of course, I run into CORS issues. 我试图打电话给CRM的外部人员,当然,我遇到了CORS问题。 Now, I have very little control over the server side that the call is directed to, so I wonder if it's possible to work around it from the client somehow.
现在,我几乎无法控制呼叫定向到的服务器端,因此我想知道是否可以通过客户端解决该问题。
The optimal solution would be if the server developers allowed calls from different domains but there's a risk that they won't do that. 最佳解决方案是服务器开发人员允许来自不同域的呼叫,但存在他们不这样做的风险。 What are my options then, besides writing a custom service layer that opens for CORS towards calls from CRM and speaks to the third party server?
那么,除了编写自定义服务层以向CORS打开以访问来自CRM的呼叫并与第三方服务器对话之外,我还有什么选择?
The nag is as follows (of course, from the URL line the call performs perfectly well). 内容如下(当然,从URL行来看,调用效果非常好)。
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://yaba.daba.doo/list?p1=[]&p2=0&&_=1415714629958 .
跨域请求被阻止: 同源策略禁止在https://yaba.daba.doo/list?p1 = []&p2 = 0 && __ 41515629629958处读取远程资源。 This can be fixed by moving the resource to the same domain or enabling CORS.
可以通过将资源移到同一域或启用CORS来解决此问题。
It's an old question but I solved this problem on CRM 2011 (and IIS 7.0) editing the web.config. 这是一个老问题,但是我在CRM 2011(和IIS 7.0)上通过编辑web.config解决了该问题。
I have added the CORS Header to IIS response. 我已将CORS标头添加到IIS响应中。
Add the basic headers 添加基本标题
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Headers" value="Origin, X-HTTP-Method, X-Requested-With, Content-Type, Accept" />
<add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>[..]
Add Rules 添加规则
Install Url Rewrite and add the rules below 安装网址重写并添加以下规则
<rewrite>
<rules>
[..]
<!-- This rule allow the prefligh request to be authenticated, otherwise raise the 401 error, required ONLY if you use POST, for GET only is not necessary -->
<rule name="CORS Preflight Anonymous Authentication" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_METHOD}" pattern="^OPTIONS$" />
</conditions>
<action type="CustomResponse" statusCode="200" statusReason="Preflight" statusDescription="Preflight" />
</rule>
[..]
</rules>
<outboundRules>
<clear />
<rule name="AddCORSHeaders">
<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<!-- This add the Access-Control-Allow-Origin if the pattern match the request url -->
<add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?domain1\.lan|(.+\.)?mydomain\.com|(.+\.)?otherdomain\.com))" />
</conditions>
<action type="Rewrite" value="{C:0}" />
</rule>
</outboundRules>
</rewrite>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.